This isn't the first post about staying connected to appear on this blog, and I'm sure it won't be the last.
Today I want to talk about how you can stay more connected to Microsoft to find out what is happening with our Security Response center. In a previous post John talked about all of the different sites that you could go to in order to stay abreast of all our official security announcements. However, if you want to get a better understanding of what is occurring while we are working on patches or updates you might be interested in reading the Microsoft Security Response Center (MSRC) Blog.
In the most recent post, you can hear directly from Mike Nash, the Corporate Vice President responsible for security at Microsoft. Mike's post gives you some of the background and thinking that occurs as we are developing updates.
So take a minute to read the MSRC blog. You might find that additional information useful.
I just got this from Gary Wilson, the MVP Lead:
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Critical Bulletins:Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.